
Revize dea7f12f

Přidáno uživatelem Stanislav Král před téměř 4 roky(ů)

Re #8708 - Added a unit test covering a scenario in which an empty identity password is passed to the generate_pkcs_identity method of the CryptographyService

Improved the generate_pkcs_identity method so that when None is passed as the identity password, an empty string literal ("") is used instead.


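--- a/src/services/cryptography.py
+++ b/src/services/cryptography.py
@@ -462,6 +462,9 @@
         :return: byte array containing the generated identity
         """
         with TemporaryFile("cert_key.pem", cert_key_pem) as cert_key_pem_file:
+            if identity_passphrase is None:
+                identity_passphrase = ""
+
             args = ["pkcs12", "-export", "-name", identity_name, "-in", "-", "-inkey", cert_key_pem_file, "-passout", f"pass:{identity_passphrase}", "-passin", f"pass:{cert_key_passphrase}"]
             proc_input = cert_pem
             # when the chain of trust is not empty append the -CAfile argument and the concatenated list of CoT PEMs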
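Review bot: The new `None` → `""` fallback means a missing passphrase silently yields a PKCS#12 bundle whose private key is protected only by an empty export password, and the docstring lines visible here do not tell callers that. I would document it on the parameter, e.g. `:param identity_passphrase: export password; None or "" produces a bundle with an empty password`, and consider logging a warning on that path. The same `args` line still interpolates `cert_key_passphrase` unguarded, so a `None` there would be sent to openssl as the literal `pass:None`; whether that can occur depends on the parameter default, which lies outside the hunk along with the rest of the method. Both passphrases are also passed on the command line via `pass:`, where they may be readable from the process list by other local users; openssl's `env:` or `fd:` passphrase sources avoid that exposure.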
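--- a/tests/unit_tests/services/cryptography/generate_pkcs_identity_test.py
+++ b/tests/unit_tests/services/cryptography/generate_pkcs_identity_test.py
@@ -114,3 +114,31 @@
     with pytest.raises(CryptographyException):
         service.generate_pkcs_identity(child_cert, child_key, "Baz Pkcs", "secret_pass",
                                        "".join([root_cert, inter_cert]), cert_key_passphrase="passkey")
+
+
+def test_generate_pkcs_identity_empty_identity_passphrase(service):
+    root_key = service.create_private_key()
+    root_cert = service.create_sscrt(Subject(common_name="Foo"), root_key)
+
+    inter_key = service.create_private_key()
+    inter_cert = service.create_crt(Subject(common_name="Bar"), inter_key, root_cert, root_key)
+
+    # protect the child key with a passphrase
+    child_key = service.create_private_key()
+    child_cert = service.create_crt(Subject(common_name="Baz"), child_key, inter_cert, inter_key)
+
+    # pass an empty identity passphrase
+    pkcs = service.generate_pkcs_identity(child_cert, child_key, "Baz Pkcs", "",
+                                          "".join([root_cert, inter_cert]))
+
+    # print out the pkcs store in order to be able to check it
+    pkcs_info = subprocess.check_output(
+        ["openssl", "pkcs12", "-info", "-in", "-", "-nodes", "-passin", "pass:"],
+        input=pkcs,
+        stderr=subprocess.STDOUT).decode()
+
+    assert child_cert in pkcs_info
+
+    assert "-----BEGIN PRIVATE KEY-----" in pkcs_info
+    assert root_cert in pkcs_info
+    assert inter_cert in pkcs_info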
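Review bot: The new test passes `""` as the identity passphrase, so the `None` branch this commit adds to generate_pkcs_identity is never exercised. Parametrizing the test, e.g. `@pytest.mark.parametrize("identity_passphrase", ["", None])`, and passing that value through would cover both inputs with the same assertions. The comment `# protect the child key with a passphrase` is also stale in this test, since `create_private_key()` is called without arguments; something like `# child key is created without a passphrase` would match the code.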
